Posts Tagged: registry

I recently had a Windows XP laptop crash. Windows would not boot to safe mode or anything, and just displayed the following error message:

Shell

1

Windows XP could notstart because the following fileismissing orcorrupt:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

I could not afford to simply wipe the laptop and reinstall windows as it had some old software that was no longer available.I located the following article which details a procedure to recover from this issue using the MS recovery console and using the System Restore: https://support.microsoft.com/en-us/kb/307545

As this laptop did not have a optical cd-rom, it was a difficult proposition to make a XP bootable USB stick to complete this procedure since I do not have the media handy. Additionally, it seemed like a pain to go thru all the steps when it could be simplified quite a bit with a functioning OS like linux. I decided to attempt to recover using a linux live cd:

Create a bootable USB stick with Ubuntu on it using uNetBootin

Boot to the USB stick.

Make backups of any critical files (just in case)

Backup registry files at C:\windows\system32\config to usb stick:

Shell

1

2

3

4

5

c:\windows\system32\config\system

c:\windows\system32\config\software

c:\windows\system32\config\sam

c:\windows\system32\config\security

c:\windows\system32\config\default

Access the System Volume Information which should contain restore points for the system. See Part 2 Steps 7 through 10 in above MS article for details, but in a nutshell you want to access C:\System Volume Information. There will be one or more folders inside and their names will be similar to “_restore{D86480E3-73EF-47BC-A0EB-A81BE6EE3ED8}”. Inside these folders, look for RPx folders. There may be more than 1, and x would be a number. Look at the created dates of these folders to identify a fairly recent restore point. For example I found one that was two weeks old in RP47.

Inside the snapshot directory, copy the registry files to a temp location, and make a backup of them:

Shell

1

2

3

4

5

_REGISTRY_USER_.DEFAULT

_REGISTRY_MACHINE_SECURITY

_REGISTRY_MACHINE_SOFTWARE

_REGISTRY_MACHINE_SYSTEM

_REGISTRY_MACHINE_SAM

Copy the snapshots to C:\windows\system32\config.

Delete the old crashed registry files:

Shell

1

2

3

4

5

c:\windows\system32\config\system

c:\windows\system32\config\software

c:\windows\system32\config\sam

c:\windows\system32\config\security

c:\windows\system32\config\default

Rename the backup registry files to replace the ones you just deleted:

Shell

1

2

3

4

5

Rename _REGISTRY_USER_.DEFAULTtoDEFAULT

Rename _REGISTRY_MACHINE_SECURITY toSECURITY

Rename _REGISTRY_MACHINE_SOFTWARE toSOFTWARE

Rename _REGISTRY_MACHINE_SYSTEM toSYSTEM

Rename _REGISTRY_MACHINE_SAM toSAM

Cross your fingers and reboot! If it does not work, and you still receive the same error message, you may need to try a older registry snapshot. Simply follow the above steps to try a different registry snapshot.